We’re getting multiple reports that images generated by DukaPress are not working on some sites. In most cases the images used to work fine, but they have suddenly started to appear broken, just like this:
The most probable cause is that timthumb is not working properly on your site. Timthumb is the script that handles images for DukaPress. For security reasons, some webhosts block timthumb by default and only let it run on sites they have specifically allowed.
The issue is that we updated one of the mod_sec rules. It is true that we’ll need to whitelist any domain that is using this script, so be sure to list all domains and subdomains that may be using the script so we can make sure they are whitelisted ASAP. I’ve gone ahead and taken care of those you listed in your reply.
It is correct that all sites running this script that we host will fail unless we whitelist the site against the rule. The rule blocks RFI attacks and cross-site scripting because it can be used in a malicious manner; however, there are legit scripts that use the mechanism, such as timthumb, ergo sites that use that script need to be whitelisted against the rule.
We apologize for not giving forewarning about this update and we want to work with you to make sure your sites are running correctly ASAP, so please list any other sites that you have that may use this script.
What can you do to fix things on your own site?
Please contact your webhost immediately referencing this blog post and ask them to verify that timthumb is working on your website.
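If you have access to your access logs, the sketch below builds the list of domains to send to your host by counting denied timthumb requests per site. It is an added example, not DukaPress or webhost code, and it assumes Apache's `vhost_combined` log format, a deny status of 403 or 406, and constructed sample lines with a placeholder plugin path.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed layout: Apache "vhost_combined" (virtual host[:port] first, then combined).
LINE_RE = re.compile(
    r'^(?P<vhost>\S+?)(?::\d+)? \S+ \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: the status your host's mod_security returns when a rule denies a request.
BLOCK_STATUSES = {403, 406}

# Constructed sample lines; /PLUGIN-PATH/ is a placeholder, not DukaPress's real path.
SRC = "src=http://shop.example.com/uploads/a.jpg&w=160"
SAMPLE_LOG = [
    f'shop.example.com:80 203.0.113.5 - - [01/Jan/2012:10:00:01 +0000] '
    f'"GET /PLUGIN-PATH/timthumb.php?{SRC} HTTP/1.1" 403 291 "-" "UA"',
    'shop.example.com:80 203.0.113.5 - - [01/Jan/2012:10:00:02 +0000] '
    '"GET /index.php HTTP/1.1" 200 5120 "-" "UA"',
    f'blog.example.net:80 203.0.113.9 - - [01/Jan/2012:10:00:03 +0000] '
    f'"GET /PLUGIN-PATH/timthumb.php?{SRC} HTTP/1.1" 403 291 "-" "UA"',
    f'shop.example.com:80 203.0.113.7 - - [01/Jan/2012:10:00:04 +0000] '
    f'"GET /PLUGIN-PATH/timthumb.php?{SRC} HTTP/1.1" 403 291 "-" "UA"',
    f'other.example.org:80 203.0.113.8 - - [01/Jan/2012:10:00:05 +0000] '
    f'"GET /PLUGIN-PATH/timthumb.php?{SRC} HTTP/1.1" 200 9000 "-" "UA"',
    'shop.example.com:80 203.0.113.6 - - [01/Jan/2012:10:00:06 +0000] '
    '"POST /wp-login.php HTTP/1.1" 403 291 "-" "UA"',
]


def blocked_timthumb_hosts(lines, block_statuses=BLOCK_STATUSES):
    """Return {vhost: count} of timthumb.php thumbnail requests that were denied."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than guessing
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/timthumb.php"):
            continue  # a denied request to another script is a different problem
        if int(m["status"]) not in block_statuses:
            continue  # timthumb answered normally on this site
        if "src" in parse_qs(url.query):  # only count real thumbnail requests
            hits[m["vhost"].lower()] += 1
    return dict(hits)


if __name__ == "__main__":
    for host, count in sorted(blocked_timthumb_hosts(SAMPLE_LOG).items()):
        print(f"{host}: {count} denied timthumb request(s)")
```

To run it on real data, pass the lines of your own log file to `blocked_timthumb_hosts` instead of `SAMPLE_LOG`.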